git.ipfire.org Git - thirdparty/suricata.git/commit

author	Jason Ish <jason.ish@oisf.net>
	Thu, 31 Mar 2022 18:45:07 +0000 (12:45 -0600)
committer	Victor Julien <vjulien@oisf.net>
	Wed, 20 Apr 2022 21:15:45 +0000 (23:15 +0200)
commit	1b6615da0175b0a8b7744f27de957cf0bf4c7b2d
tree	d8954ec9c60cb3084a1e20674cda8ec6af20fd3a	tree
parent	97bc7925d765a17e415e81fccbd52acd3fc5f133	commit \| diff

smb: protocol detection on pattern without midstream

To recognize a protocol, Suricata first looks for
patterns, which can be confirmed by a probing parser.
If this does not work, Suricata can try to run
some probing parsers on some ports.

This is the case for SMB.

This commit makes handling the confirming and the probing
paser differently even if they share much code.

The confirmation parser knows that a pattern has been found.
So, it must not do the midstream case of looking for this
pattern in the whole buffer, but only check it at the beginning.
But it must reverse direction if needed.

Ticket #4849

Backported manually by jason.ish@oisf.net.

rust/src/smb/smb.rs		diff \| blob \| blame \| history
src/app-layer-smb.c		diff \| blob \| blame \| history